This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
RemoteUser
Advisor
‎2025-05-28 09:41 AM

Traffic dropped only in clean-up rule??

Hi Guys.
I’m running tests on URL Filtering with a Check Point cluster running R81.20 with Jumbo Hotfix Take 99.
HTTPS Inspection is not enabled.

There is a rule inside an inline layer that blocks traffic categorized as Sex/pornography

behavior:

  • When the cleanup rule of the inline layer is set to Drop, the site is blocked correctly

  • When the cleanup is set to Accept, the site loads successfully 

  • The site in question is correctly categorized as Sex/pornography

  • QUIC traffic is blocked via a separate rule

Why is this site being blocked only when the inline layer's cleanup rule is set to Drop, even though it doesn’t match the rule above that should block it based on its category?
Thanks a lot

0 Kudos
37 Replies
PhoneBoy
Admin
Admin
‎2025-05-29 03:52 PM
In response to RemoteUser

QUIC and HTTP/3 support were major features of R82.
No plans to backport to earlier releases.

0 Kudos
the_rock
MVP Gold
MVP Gold
‎2025-05-29 05:06 PM
In response to PhoneBoy

TAC guy told me the same recently...definitely major features of R82.

0 Kudos
Chris_Atkinson
MVP Gold CHKP MVP Gold CHKP
MVP Gold CHKP
‎2025-05-29 08:27 PM
In response to the_rock

Indeed but with HTTPS/QUIC inspection off i'm not sure it explains the observations here.

CCSM R77/R80/ELITE
0 Kudos
RemoteUser
Advisor
‎2025-05-30 12:48 AM
In response to Chris_Atkinson

Hi @Chris_Atkinson 

If you try yourself to see the behavior of url block filtering on some sites, in R82 and R81.20, you will notice the difference, (without https inspection enabled)

0 Kudos
Chris_Atkinson
MVP Gold CHKP MVP Gold CHKP
MVP Gold CHKP
‎2025-05-30 01:02 AM
In response to RemoteUser

I'm happy that your satisfied that R82 is the answer but without inspection enabled im not seeing any documentation that supports this should be the case, hope it is clear.

CCSM R77/R80/ELITE
PhoneBoy
Admin
Admin
‎2025-05-30 08:05 AM
In response to Chris_Atkinson

I imagine adding support for HTTP/3 and QUIC also included improvements to parsing the relevant traffic for HTTPS Categorization purposes.
Which might explain @RemoteUser‘s experience (even if such improvements aren’t explicitly documented).

0 Kudos
RemoteUser
Advisor
‎2025-05-29 02:08 AM
In response to Chris_Atkinson

TLS version1.2 i see

0 Kudos
the_rock
MVP Gold
MVP Gold
‎2025-05-28 03:49 PM

Part of this could be ssl indpection being off, though for this issue, it just wont present block page.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events